Featured Slideshow

In a Dallas courtroom on Thursday, writer and activist Barrett Brown was sentenced to 63 months in prison and was ordered to pay a little more than $890,000 in restitution and fines, according to reports.

Upcoming Live Events

Be sure to stay tuned for breaking news on our 2015 conference and expo, which promises to deliver even more innovative programming and an enhanced showcase of the latest cyber security solutions you must see.

Making EHR a reality

Canada's system of socialized medicine may be seen as a model from abroad, but some critics inside the country believe its condition is critical.

The malady is a lack of technological investment, specifically on the security side.

In a scathing analysis issued last year, the Canadian Medical Association (CMA) called Canada “a laggard in the use of information technology in the service of patients.” The slow pace of investment in Canada's digital health infrastructure was echoed by the Information Technology Association of Canada (ITAC) in November.

While countries such as Denmark and the United Kingdom have had national electronic health records (EHRs) for several years, fewer than half of Canada's 35 million people have access to online medical files. Given the current state of security, that may be just as well, said John Millar, president of Digital Boundary Group, provider of IT security assurance services.

“There is virtually no security at the endpoint, where health care is delivered to the patient,” he said. “With something like 100,000 access points in the province of Ontario alone, that's a concern.”

Without a substantial investment in awareness-building as it relates to security, the system is wide open to major breaches.

“We have clients that are clinics and smaller hospitals, and I've been impressed with some of the work on their data centers, but the security awareness stops at the executive level," Millar said.

He cited unsecured desktop computers and other data-entry points as significant risks.

“You have to get to the people who are delivering health services and educate them," he said. "One of our big issues is that 50 to 60 percent of data is vulnerable through technology. If security relies on people alone, that rate goes up to almost 100 percent.”

Like the CMA and ITAC, Millar – whose company established itself providing risk assessments for the financial sector – cited spending as the weak point in the system. While the federal government has estimated that a national EHR will require an investment of $350 for each Canadian, the current investment stands at about $50 per capita. The CMA is hoping that the $500 million expenditure included in the 2010 federal budget, tabled in early March, will help make an EHR a reality in the coming decade.

Millar hopes that funds will be directed where they are needed.

“Where's the money at the delivery end?" he said. "You have to get it to the people in the clinics, educate them about security and teach them best practices.”

With Canada's health care delivery system stretched to its breaking point in hospital emergency rooms, and high-profile patients such as Newfoundland and Labrador Premier Danny Williams heading across the Canada-United States border for elective surgery, speculation is high about when an EHR will help ease the strain.

Millar has a grim prognosis. For him, the delivery of an effective online health system “is as close as the first major security disaster. The nature of risk in our business – whether it's public utilities or banking – is always changing. In our view, health care is no different. People need to be aware of how susceptible it is.”

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.